Exchange 2010 offers protected voice mail that works roughly like the “mark as private” option that many legacy voicemail systems provide. The difference is that Exchange 2010 uses Active Directory Rights Management Service (AD RMS) to apply restrictions to the message that prevent clients from forwarding it. This gives the same protection as legacy VM systems, which implemented message privacy by keeping VM recipients from forwarding messages.
This is a nifty idea, given that it ties together Exchange UM with AD RMS in a logical way. It has some implications, though, that may not be obvious at first glance.
First, of course, is that you have to use a compatible client to play the voice message. A client that doesn’t support AD RMS won’t even see that the message has an audio attachment. It just shows up as the familiar “this message is protected with…” text. In this context, “compatible” means Outlook 2007, Outlook 2010, or OWA 2010. There’s no Mac client (yet; the forthcoming version of Outlook for Mac is alleged to support AD RMS messages), nor are there mobile clients.
Second, when you play the message, the way you play it may vary according to the policies in effect on your system. The UM mailbox policy defines a setting named “Allow multimedia playback of protected voice messages“. When this setting is false (e.g. when it does not allow multimedia playback), users can only play protected voice mail messages through the Exchange Play on Phone mechanism or through Outlook Voice Access (e.g. over the phone), not through the inline media players in Outlook and OWA. This is useful in some contexts to prevent users from playing sensitive messages on their laptop speakers at the coffee shop, at high volume in a cubicle farm, and so on.
Unfortunately, the documentation says this setting is set to false by default… in other words, the default settings (according to the docs) only let you play protected VMs on the phone. In reality, the settings is true by default, so that users can play protected messages back on the phone or through the local media player. In other words, the docs are 100% wrong. I blame this on the fact that the attribute name in the UM mailbox policy is RequireProtectedPlayOnPhone– the opposite wording. If “require X” is false, that’s the same as “allow not-X” being true. So, this is now bugged with the Exchange UE team.
In playing with this feature, I also wasn’t able to make Exchange protected voice mail messages show up consistently in Communicator’s VM notification system. I think that’s because my test machine was using Outlook 2007, in cached mode; the protected VMs didn’t show up in its “Voice Mail” search folder either. I’ll have to test this some more with an Outlook 2010 machine to see what happens, but my expectation is that Communicator should show protected VMs just like it does normal ones.